9277 matches found
Associated-Threat-Analyzer - Detects Malicious IPv4 Addresses And Domain Names Associated With Your Web Application Using Local Malicious Domain And IPv4 Lists
Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists. Installation From Git git clone https://github.com/OsmanKandemir/associated-threat-analyzer.git cd associated-threat-analyzer && pip3...
PurpleOps - An Open-Source Self-Hosted Purple Team Management Web Application
An open-source self-hosted purple team management web application. Key Features Template engagements and testcases Framework friendly Role-based Access Control & MFA Inbuilt DOCX reporting + custom template support How PurpleOps is different: No attribution needed Hackable, no "no-reversing"...
CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...
CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...
CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...
Noir - An Attack Surface Detector Form Source Code
Noir is an attack surface detector form source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools...
[SECURITY] Fedora 38 Update: moby-engine-24.0.5-1.fc38
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...
Fedora: Security Advisory for moby-engine (FEDORA-2023-9f5f1ef40a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious code in docker-slim-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c43f388e17851e78ffe6cea282489130b04ea50c71f40d951e492b3128f019d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-7951 Malicious code in docker-slim-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c43f388e17851e78ffe6cea282489130b04ea50c71f40d951e492b3128f019d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
My SpringOne 2023 Recap
Hi, Spring fans! Look, it's Monday after the first in-person SpringOne of the 2020s and the first since the pandemic, and, being honest, I'm bushed! Vegas is a dizzying, sensational, overwhelming, exciting experience, and SpringOne is too. But it was worth it. The SpringOne show surpassed all...
GHSA-826J-8WP2-4X6Q Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User
Impact A Mass assignment vulnerability was found allowing a non-admin user to escalate privileges to admin user. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch...
Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User
Impact A Mass assignment vulnerability was found allowing a non-admin user to escalate privileges to admin user. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch...
GHSA-256M-J5QW-38F4 Netmaker IDOR Allows User to Update Other User's Password
Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...
Netmaker IDOR Allows User to Update Other User's Password
Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...
GHSA-8X8H-HCQ8-JWWX Netmaker has Hardcoded DNS Secret Key
Impact Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will...
Netmaker has Hardcoded DNS Secret Key
Impact Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will...
CVE-2023-32079
Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...
Design/Logic Flaw
Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...
CVE-2023-32078
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...